Cyrus +ldap howto
Is there a how to for using cyrus with cyrus sasl and ldap for passwords I already have got this working on my machine rehdhat linux 9.0 , But the problem is I am using it with plain text passwords in ldap. I want to encrypt them ( any encryption , SSA CRYPT etc ) . So what changes do I have do to ldap.conf and the ldap data Thanks Ram NETCORE SOLUTIONS *** Ph: +91 22 5662 8000 Fax: +91 22 5662 8134 MailServ and FlexiMail: Messaging Solutions: http://netcore.co.in Pragatee: Integrated Server-Software Suite: http://www.pragatee.com Emergic Freedom: Server-centric Computing: http://www.emergic.com BlogStreet: Blog Profiles and RSS Ecosystem: http://blogstreet.com Deeshaa: Rural Development: http://www.deeshaa.com Rajesh Jain's Weblog on Technology: http://www.emergic.org
installing cyrus imap
Hi all When I try to install Cyurs imap 2.1.15 on my debian machine I get the following error with make: util.c gcc -c -I.. -I/usr/local/BerkeleyDB.4.1/include -I/usr/local/include -I/usr/lib/include -DHAVE_CONFIG_H -I. -I. -Wall -g -O2 \ mkgmtime.c gcc -c -I.. -I/usr/local/BerkeleyDB.4.1/include -I/usr/local/include -I/usr/lib/include -DHAVE_CONFIG_H -I. -I. -Wall -g -O2 \ prot.c prot.c:654: macro `va_start' used with too many (2) args make[1]: *** [prot.o] Error 1 make[1]: Leaving directory `/usr/src/cyrus-imapd-2.1.15/lib' make: *** [all] Error 1 When I run ./configure with the following options I get no errors --with-dbdir=/usr/local/BerkeleyDB.4.1 --with-bdb-libdir=/usr/local/BerkeleyDB.4.1/lib --with-bdb-incdir=/usr/local/BerkeleyDB.4.1/include --with-cyrus-group=cyrus --with-sasl=/usr/lib make depend runs fine to. What is wrong or does anyone know what it means? Thanks in advance Greets Geert attachment: winmail.dat
imap and ldap
Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders attachment: winmail.dat
Re: imap and ldap
Hi you must have a ldap capable saslauthd # saslauthd -v saslauthd 2.1.17 authentication mechanisms: getpwent pam rimap shadow ldap to obtain this, you have to configure --with-ldap Geert Reijnders wrote: Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders
Re: mailboxes.db problem cont.
On Thu, 11 Dec 2003, Craig Ringer wrote: Naturally this would need to be prefaced with a warning about the loss of ACL information - a use as a last resort only warning. The ACL information is maintained in the cyrus.header file. If you still have that, there is no reason you should suffer a loss of ACL information. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: imap and ldap
Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap Did you compile your cyrus-sasl with ldap support? It looks like ldap support is missing. Simon the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders
RE: imap and ldap
Oke I tried to reconfigure cyrus-sasl with the following options --with-ldap=/etc/ldap (because I had to give a directory) Everything was going fine, no errors during the installation but when I executed the command saslauthd -v I get the same options. saslauthd 2.1.15 authentication mechanisms: getpwent rimap shadow I don't get it. Is it the version I use because with ldap is experimental in this version I read in the help. Greets Geert -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Laurent Larquère Verzonden: donderdag 11 december 2003 15:31 Aan: Geert Reijnders;[EMAIL PROTECTED] Onderwerp: Re: imap and ldap Hi you must have a ldap capable saslauthd # saslauthd -v saslauthd 2.1.17 authentication mechanisms: getpwent pam rimap shadow ldap to obtain this, you have to configure --with-ldap Geert Reijnders wrote: Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders attachment: winmail.dat
Re: imap and ldap
Hi, Did you compiled your own cyrus-sasl or used a third-party package ? If you compiled, did you used the --with-ldap switch to configure ? Do you have OpenLDAP and assorted libs installed ? On Thu, Dec 11, 2003 at 03:07:11PM +0100, Geert Reijnders wrote: Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders -- Etienne GoyerLinux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
moving db from one machine to the next
Hi all, i have a cyrus 1.6.22 running on redhat 6.2. i an now building a new cyrus server (2.1.5) on redhat 9. what is the best way to move the info from one server to the next ? Ronen Amity system / ClearCase Administrator Mainsoft Corp Israel Email: [EMAIL PROTECTED] Work Phone: +972-8-9781300 ext: 358 Mobile: +972-58-214707 Fax +972-8-9219389
Telemetry log before authentication ?
Hi,
I am troubleshooting a problem where the client negociate STARTTLS with
success, then fail. I guess the authentication did not work because the
server does not write telemetry log. I have local6 and auth log
facility set to debug, and I see nothing after the successful starttls
negociation message. I was trying to figure out if the client tried to
AUTHENTICATE (and, if yes, wich mechanism he tried), or just dropped it
after CAPABILITY.
I guess I would need telemetry of session before the authentication
succeed, unless somebody could tell me for sure no AUTHENTICATE have
been tried because it would have blah in (local6|auth) facility.
On a somewhat related note, did anybody on this list ever used the PHP
imap_open() function with authuser, such as opening
{localhost/authuser=admin}INBOX ? If yes, which version of PHP where
you using, and what does your mailbox name looked like ?
Thanks everybody for your answers.
--
Etienne GoyerLinux Québec Technologies Inc.
http://www.LinuxQuebec.com [EMAIL PROTECTED]
Re: AUTHENTICATE PLAIN
On Thu, 11 Dec 2003, Phil Chambers wrote: As I understand it from http://asg.web.cmu.edu/cyrus/rfc/imsp.html the IMSP server should then respond with a + followed by a base64 string. Instead it just puts out the + without the base64 string. The base64 string for the first server challenge of PLAIN is empty (that is, there is no initial server challenge). So, your server is doing the right thing. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: moving db from one machine to the next
On Thu, 11 Dec 2003, Ronen Amity wrote: i have a cyrus 1.6.22 running on redhat 6.2. i an now building a new cyrus server (2.1.5) on redhat 9. what is the best way to move the info from one server to the next ? The best way would be to read the file doc/install-upgrade.html, then move the data and do what it says. Failing that, using UW's mailutil (distribted with UW-IMAPd) to move the mailboxes is a good bet. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
RE: imap and ldap
On Thu, 11 Dec 2003, Geert Reijnders wrote: Oke I tried to reconfigure cyrus-sasl with the following options --with-ldap=/etc/ldap (because I had to give a directory) It appears that saslauthd configure script cannot find openldap libs on your system. Check saslauthd/config.log and search for LDAP. -Igor Everything was going fine, no errors during the installation but when I executed the command saslauthd -v I get the same options. saslauthd 2.1.15 authentication mechanisms: getpwent rimap shadow I don't get it. Is it the version I use because with ldap is experimental in this version I read in the help. Greets Geert -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Laurent Larquère Verzonden: donderdag 11 december 2003 15:31 Aan: Geert Reijnders;[EMAIL PROTECTED] Onderwerp: Re: imap and ldap Hi you must have a ldap capable saslauthd # saslauthd -v saslauthd 2.1.17 authentication mechanisms: getpwent pam rimap shadow ldap to obtain this, you have to configure --with-ldap Geert Reijnders wrote: Hi all Again I have a question. I want to setup a mail-server and the users must be retrieved from the ldap-server. I have heard from several people and read in several guides that it is possible with saslauthd -a ldap and put the following option in the imapd.conf: sasl_pwcheck_method: saslauthd But of course when I try to do that I get error messages. The first one is when I execute the command saslauthd -a ldap: saslauthd[285] :set_auth_mech : unknown authentication mechanism: ldap the solution is not by using pam because that is not an option in saslauthd. The second one is when I try to open a mailbox in outlook express. Then I get the messages that on line (the line where sasl_pwcheck_method is located) that the command is unknown. What am I missing or doing wrong? I hope anyone could help me. Thanks in advance Geert Reijnders -- Igor
sasl and SMP
I am running: Debian:sarge Kernel:2.4.22-1-686-smp (had been 2.4.22-1-386) Cyrus/sasl:2.1.15 I recently installed a new kernel via: apt-get install kernel-image-2.4.22-1-686-smp Everything seemed to go well until I tried to log into cyrus. I got the following error: badlogin: localhost[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database] The date on /etc/sasldb2 had not changed. Changing passwords for my users fixed the problem. Anyone know what caused this? -- Trooper Jon S. Nelson, Linux Certified Admin., CCNA Pa. State Police, Bureau of Criminal Investigation Computer Crimes Unit Work: 610.344.4471 Cell/Page: 866.284.1603 [EMAIL PROTECTED]
Re: AUTHENTICATE PLAIN
On Thu, 11 Dec 2003 10:33:42 -0500 (EST) Rob Siemborski [EMAIL PROTECTED] wrote: On Thu, 11 Dec 2003, Phil Chambers wrote: As I understand it from http://asg.web.cmu.edu/cyrus/rfc/imsp.html the IMSP server should then respond with a + followed by a base64 string. Instead it just puts out the + without the base64 string. The base64 string for the first server challenge of PLAIN is empty (that is, there is no initial server challenge). So, your server is doing the right thing. -Rob Thanks for that info. What happens next is that Mulberry send a base64 string: AEFOT3RoZXIAZnRzcXN0YXI= and the server then disconnects. In fact, I have just seen from the SYSLOG that it core-dumps! Phil. --- Phil Chambers ([EMAIL PROTECTED]) University of Exeter
Re: Problems with Cyrus and SquirrelMail
On Fri, Dec 05, 2003 at 08:37:21PM -, Geoff Soper wrote: case? Does anyone have any experience of SquirrelMail and Cyrus? What can I do next in the way of diagnosis or remedy? I have recently used squirrelmail-1.4.2 and cyrus-2.1.16 without problems. You might want to check the $imap_server_type setting, the default is 'other', while it's probably better to set it to 'cyrus' in this case. Sorry for the delay, it is already set to cyrus. Thanks for the suggestion, Geoff
Re: Problems with Cyrus and SquirrelMail
On 12/11/03 12:20 PM Geoff Soper wrote:
[...]
Every time I set up SM with Cyrus and use altnamespace I always have to
set:
$noselect_fix_enable= true;
in config/config.php
Hi,
could you explain a little bit more about this please? What effect does
this option have?
My 'grep' is as good as yours. :)
functions/imap_mailbox.php:487:
if ($noselect_fix_enable) {
$lsub_args = LSUB \$folder_prefix\ \*%\;
} else {
$lsub_args = LSUB \$folder_prefix\ \*\;
}
--Jo
smime.p7s
Description: S/MIME Cryptographic Signature
Re: imap and ldap
On Thu, 11 Dec 2003, Alain Williams wrote: Tweak master.c (version 1.82), starting line 138, insert: #include tcpd.h int allow_severity = LOG_DEBUG; int deny_severity = LOG_ERR; I'm unclear why you needed to do this, since master doesn't link tcpwrappers, only the cyrus services do. Could you expand on what errors you were getting, and what commands were causing them? Also, writing documentation is great. Either post what you did to the wiki or send us patches for the documentation we distributed. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: imap and ldap
On Thu, Dec 11, 2003 at 05:02:42PM -0500, Rob Siemborski wrote: On Thu, 11 Dec 2003, Alain Williams wrote: Tweak master.c (version 1.82), starting line 138, insert: #include tcpd.h int allow_severity = LOG_DEBUG; int deny_severity = LOG_ERR; I'm unclear why you needed to do this, since master doesn't link tcpwrappers, only the cyrus services do. Could you expand on what errors you were getting, and what commands were causing them? Also, writing documentation is great. Either post what you did to the wiki or send us patches for the documentation we distributed. I shall complete what I am doing and then write it all up from the notes that I have. A couple of weeks time. -- Alain Williams #include std_disclaimer.h FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the best interests of our children. See http://www.fathers-4-justice.org
Re: imap and ldap
On Thu, 11 Dec 2003, Igor Brezac wrote: This is needed for ucd-snmpd 4.2.6 compiled with tcpwrappers and possibly a few earlier revisions. It has tcpwrapper support in agentx. Ah, ok, committed. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: imap and ldap
On Thu, 11 Dec 2003, Rob Siemborski wrote: On Thu, 11 Dec 2003, Alain Williams wrote: Tweak master.c (version 1.82), starting line 138, insert: #include tcpd.h int allow_severity = LOG_DEBUG; int deny_severity = LOG_ERR; I'm unclear why you needed to do this, since master doesn't link tcpwrappers, only the cyrus services do. This is needed for ucd-snmpd 4.2.6 compiled with tcpwrappers and possibly a few earlier revisions. It has tcpwrapper support in agentx. Index: master.c === RCS file: /cvs/src/cyrus/master/master.c,v retrieving revision 1.85 diff -u -r1.85 master.c --- master.c22 Oct 2003 18:50:14 - 1.85 +++ master.c11 Dec 2003 22:18:51 - @@ -39,7 +39,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.c,v 1.85 2003/10/22 18:50:14 rjs3 Exp $ */ +/* $Id: master.c,v 1.67.4.26 2003/10/17 20:37:42 rjs3 Exp $ */ #include config.h @@ -91,6 +91,10 @@ #include ucd-snmp/ucd-snmp-agent-includes.h #include cyrusMasterMIB.h + +int allow_severity = LOG_DEBUG; +int deny_severity = LOG_ERR; + #endif #include masterconf.h Could you expand on what errors you were getting, and what commands were causing them? Also, writing documentation is great. Either post what you did to the wiki or send us patches for the documentation we distributed. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Igor
Re: imap and ldap
Oke I tried to reconfigure cyrus-sasl with the following options --with-ldap=/etc/ldap (because I had to give a directory) Everything was going fine, no errors during the installation but when I executed the command saslauthd -v I get the same options. saslauthd 2.1.15 authentication mechanisms: getpwent rimap shadow I'm sure you've checked all these, but just in case: - did you run make install? - is the install path on your PATH? - do you already have a system-provided cyrus-sasl installed? If the latter, it's quite likely that the saslauthd from that package is found before the one you compiled and installed. Try 'which saslauthd' to see which command your shell is excuting. Alternately, try explicitly running saslauthd with a full, explicit path. Craig Ringer
